18ca617c23
Land #5649 , Fix undefined sysinfo method error in meterpreter.rb
2015-07-15 23:27:02 -05:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
8d40d30d47
Comemnt
2015-07-11 23:24:01 -05:00
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
wchen-r7
jvazquez-r7
William Vu
HD Moore
Samuel Huckins
Brent Cook
g0tmi1k
OJ
Mo Sadek